Quantum Messenger (量子密信) - OpenClaw Integration

Author: codenamelokcon · GitHub · v1.0.2
Platform: cross-platform · Flag: ⚠ suspicious
Total downloads: 581
Favorites: 1
Current installs: 0
Versions: 3
Install in OpenClaw:
/install quantum-messenger
Description
Helps China Telecom colleagues and customers invoke an OpenClaw bot through Quantum Messenger (量子密信). Supports text, images, attachments, and status-bar feedback.
Safe-use recommendations
This skill appears to implement the advertised Quantum Messenger <-> OpenClaw bridge, but it has concrete implementation risks you should address before deploying:
- Command injection risk: the code builds a shell command with unescaped JSON (exec). Replace exec with a safe invocation (child_process.spawn with an argument array) or otherwise sanitize input to avoid arbitrary command execution.
- Arbitrary-file upload / exfiltration: the listener will upload any local file path returned by the AI (IMAGE:/FILE:) to an external host (imtwo.zdxlz.com). Restrict what paths are allowed, run the service with least filesystem privileges, and audit what files might be accessible.
- Plain HTTP + key-in-query: the upload/send endpoints use http and include QUANTUM_KEY in the URL query string, which exposes the credential in transit and in logs. Use HTTPS endpoints and send auth in headers where possible. Verify whether imtwo.zdxlz.com is an official/trusted Quantum Messenger endpoint; if not, do not send sensitive data.
- Network trust and isolation: run this service in a locked-down container or VM with minimal privileges and limited outbound network access to only the known Quantum endpoints. Monitor logs for unexpected uploads.
- Additional checks: confirm the ownership/trustworthiness of the imtwo.zdxlz.com host; audit and pin the OpenClaw CLI binary you run; rotate QUANTUM_KEY after testing.
If you cannot confirm the upstream endpoint and cannot harden command execution and file-access logic, treat this skill as risky and avoid deploying it on systems that hold sensitive data.
Functional analysis
Type: OpenClaw Skill
Name: quantum-messenger
Version: 1.0.2
The skill contains a significant command injection vulnerability in `scripts/listener.mjs`, where user-provided content is interpolated into the `child_process.exec` command line that invokes the OpenClaw CLI. Furthermore, the logic in `listener.mjs` that parses AI responses for `IMAGE:` or `FILE:` prefixes and automatically uploads the referenced paths to an external endpoint (`imtwo.zdxlz.com`) creates a high risk of arbitrary file exfiltration if the AI is manipulated (for example by prompt injection through an incoming message). While these appear to be architectural flaws rather than intentional malware, the combination of remote command execution risk and file access makes the bundle unsafe for production without sanitization.
Capability assessment
Purpose & Capability
Name/description match the code: listener receives webhook messages and forwards them to OpenClaw, then returns text/media via the Quantum Messenger webhook. Required binary (node) and QUANTUM_KEY credential are appropriate for this integration. The script expects an installed OpenClaw CLI (documented in README), so the requested items are proportionate to the declared purpose.
Instruction Scope
The runtime instructions and code go beyond simple message forwarding in risky ways: the listener executes a shell command 'openclaw agent --message <json>' by interpolating JSON directly into a shell string (child_process.exec), which makes the host vulnerable to command injection from attacker-controlled input. The listener also inspects AI responses for local file paths (IMAGE:/FILE:) and, if present, will read arbitrary local files and upload them to an external endpoint — this can exfiltrate sensitive files from the server. Network calls use plain HTTP with the QUANTUM_KEY in query strings, exposing the key in transit and logs. These behaviors are functional for the feature set but are high-risk and should be hardened.
Install Mechanism
No external install spec (instruction-only with included scripts) — low install risk. The code does not pull remote archives or execute installation downloads. The README asks operators to ensure OpenClaw is installed separately; that is consistent and expected.
Credentials
Only QUANTUM_KEY (and optionally QUANTUM_PORT) are required — that is proportionate. However, the code transmits that key in plaintext over HTTP to imtwo.zdxlz.com and uses it as a direct query parameter for upload/send operations, which increases credential exposure risk. The single env var is sensible, but transport and endpoint selection weaken that proportionality.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges; it is user-invocable and does not auto-enable itself. It does run a persistent HTTP server (normal for webhook integrations) but does not modify other skills or system-wide agent settings.
How to use
  1. Make sure OpenClaw is installed (local or Docker deployment).
  2. Enter the install command in the dialog: /install quantum-messenger
  3. After installation, call the skill by name or trigger it with /quantum-messenger.
  4. Provide the inputs described in the skill's parameter documentation to get structured output.
Version history
v1.0.2
- Version bump from 1.0.1 to 1.0.2 with no functional or content changes.
- No files were modified in this release.
v1.0.1
- Added skill metadata specifying required binaries (node) and environment variable (QUANTUM_KEY)
- Fixed slug naming
- Standardized the skill name format in metadata
- Updated skill version to 1.0.1
v1.0.0
## 🌟 Introduction
This skill is designed to help **China Telecom colleagues** and **customers who use China Telecom's Quantum Messenger (量子密信)** invoke an OpenClaw bot through Quantum Messenger. With it, Quantum Messenger becomes the front-end interface of an AI bot, supporting text conversation, image generation, file transfer and other interactions, and the AI model's runtime status (CTX, elapsed time, etc.) is shown in real time in the reply.
## 👤 Author information
- **Author**: Cheng Pei (程沛), Technical Manager, Shanghai Telecom 政支中心 / Quantum Capability Center, and his OpenClaw bot assistant: Unit 1 (Gemini)
- **Contact**: 18918115454
- **Email**: [[email protected]]
Metadata
Slug: quantum-messenger
Version: 1.0.2
License:
Total installs: 0
Current installs: 0
Versions: 3
FAQ

What is Quantum Messenger-OpenClaw Integration?

It helps China Telecom colleagues and customers invoke an OpenClaw bot through Quantum Messenger (量子密信), with support for text, images, attachments, and status-bar feedback. It is an AI agent skill plugin for Claude Code / OpenClaw, with 581 cumulative downloads to date.

How do I install Quantum Messenger-OpenClaw Integration?

Run the command /install quantum-messenger in the OpenClaw or Claude Code dialog. Installation itself is a single step, but the skill still needs the QUANTUM_KEY environment variable (and optionally QUANTUM_PORT) set and a separately installed OpenClaw CLI before it will work.

Is Quantum Messenger-OpenClaw Integration free?

Yes, it is completely free (open source) to download, install and use.

Which platforms does Quantum Messenger-OpenClaw Integration support?

It is cross-platform and runs in any environment where OpenClaw / Claude Code is deployed.

Who developed Quantum Messenger-OpenClaw Integration?

Developed and maintained by codenamelokcon (@codenamelokcon); the current version is v1.0.2.
